Description: Software lifecycle activities regularly extend beyond the internal environment. Outsourced software development, acquisition, and procurement activities require specific attention to ensure security is integrated into the end software product or service. In this course, you'll learn about supplier risk assessment considerations, including intellectual property, code reuse, and legal compliance complexities. This course also introduces some considerations to make with supplier sourcing like contractual integrity controls, vendor technical integrity controls, and service-level agreements or SLAs. Finally, this course also introduces software delivery and maintenance best practices like publishing and dissemination controls, product deployment and sustainment controls, and supplier transitioning requirements. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Secure Software Lifecycle Professional or CSSLP exam.
Target Audience: Individuals interested in secure software lifecycle design concepts and methodologies; candidates for the Certified Secure Software Lifecycle Professional (CSSLP) exam
Duration: 01:56
Description: Regardless of how encompassing your software designs are, there's always a possibility that vulnerabilities still exist in the software or that new vulnerabilities will be discovered later in the software development lifecycle. In this course, you'll learn different pre- and post-release activities to address these, such as the pre-release testing process, completion criteria, risk acceptance practices, post-release plans, and independent testing options. You'll also be introduced to installation and deployment controls, such as bootstrapping, configuration management practices, and release management, that you can use to mitigate vulnerabilities. Finally, this course will cover operations and maintenance best practices for managing vulnerabilities, such as incident and problem management, change management, and software disposal planning and execution for end-of-phase iterations. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Secure Software Lifecycle Professional or CSSLP exam.
Target Audience: Individuals interested in secure software lifecycle design concepts and methodologies; candidates for the Certified Secure Software Lifecycle Professional (CSSLP) exam
Duration: 01:21
Description: It's not enough to integrate secure coding into your software designs; it's equally important to test that your controls function properly. In this course, you'll learn best practices for testing for security and quality assurance, including artifact testing, functional and nonfunctional testing, and bug tracking. This course also covers some of the essential testing types such as penetration testing, scanning, simulation testing, failure testing, and cryptographic validation. Finally, you'll explore options for dealing with test results, such as the importance of impact assessments and corrective actions you can take with less-than-perfect results. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Secure Software Lifecycle Professional or CSSLP exam.
Target Audience: Individuals interested in secure software lifecycle design concepts and methodologies; candidates for the CSSLP exam
Duration: 01:27
Description: Building security controls within software implementation and coding is vital for end-product software security. In this course, you'll learn about declarative versus programmatic security, how to use the Open Web Application Security Project (OWASP) and Common Weakness Enumeration (CWE) as great security sources, and some defensive coding practices and controls such as configuration, error handling, and session management. This course also covers some essential secure coding techniques such as versioning, peer-based code reviews, code analysis, and anti-tampering techniques. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Secure Software Lifecycle Professional (CSSLP) exam.
Target Audience: Individuals interested in secure software lifecycle design concepts and methodologies; candidates for the Certified Secure Software Lifecycle Professional (CSSLP) exam
Duration: 02:08
Description: Security practices must be integrated in every aspect of software design. In this course, you'll explore secure software design processes such as attack surface evaluation, threat modeling, control identification, and prioritization. You'll also be introduced to specific design considerations to keep in mind like addressing core security concepts and interconnectivity. Finally, this course covers best practices for securing commonly used architecture and technologies like virtualization, database, and the programming language environment. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Secure Software Lifecycle Professional (CSSLP) exam.
Target Audience: Individuals interested in secure software lifecycle design concepts and methodologies; candidates for the Certified Secure Software Lifecycle Professional (CSSLP) exam
Duration: 02:32
Description: Integrating security into the software development process and identifying key security objectives is paramount to successful secure software development. In this course, you'll learn about internal and external security requirements and how to classify and categorize data. You'll also explore functional requirements such as role and user definitions, the role of the deployment environment on requirements, and sequencing and timing requirements. Finally, this course covers operational requirements such as deployment and management solutions. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Secure Software Lifecycle Professional (CSSLP) exam.
Target Audience: Individuals interested in secure software lifecycle design concepts and methodologies; candidates for the Certified Secure Software Lifecycle Professional (CSSLP) exam
Duration: 01:17
Description: A fundamental understanding of the potential risks, vulnerabilities and exposures throughout the software lifecycle is the basis for ensuring overall software security. In this course, you'll learn about the core concepts of confidentiality, integrity, authentication, and authorization. You'll also be introduced to security design principles such as least privilege, separation of duties, fail safe, and economy of mechanism. Finally, this course covers best practices for governance, risk, and compliance throughout the software lifecycle. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Secure Software Lifecycle Professional (CSSLP) exam.
Target Audience: Individuals interested in secure software lifecycle design concepts and methodologies; candidates for the Certified Secure Software Lifecycle Professional (CSSLP) exam
Duration: 02:15